Formerly City College Brighton and Hove and Northbrook College

Application Privacy Notice

Greater Brighton Metropolitan College Application Privacy Policy

Privacy Notice (How we use student information)


We, Greater Brighton Metropolitan College (the College), collect personal information about yourself in order for you to process your course application.  

Primarily, your personal data may be used for:
•    Administrative services, such as course registration and arranging interviews.
•    The provision of student support services and other student guidance.

When we do collect your personal data, we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

The categories of student information that we collect, hold and share include:
•    Identity and Contact Data: personal information (such as name, date of birth, next of kin details, unique learner number, national insurance number, home address, email address and telephone number).
•    Characteristics Data: gender, ethnicity, nationality, country of birth, country of domicile).
•    Disabilities Data: Disclosed and assessed learning difficulities / disabilities.
•    Historical Data: Prior attainment levels and the details of previous educational institutions attended.
•    Employment Data: Current employment status  details.
•    Criminal Data: Criminal convictions and offences.
•    Study Data: Study programme details.


Why we collect and use this information

We use your personal data:
•    to support student learning and achievement
•    to provide appropriate pastoral care
•    to ensure the health, safety and wellbeing of students
•    to meet statutory funding arrangements
•    to comply with the law regarding data sharing


The lawful basis on which we use this information


We will process your personal data for one or more of the following lawful grounds:
•    Where we need to perform the contract we are about to enter into or have entered into with you.
•    Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
•    Where we need to comply with a legal or regulatory obligation.
•    Where we need to in order to protect your health and well-being or the health and well-being of someone else – for example, other students.
•    Where we rely on your consent – for example, where you agree we can send you information about our other courses.


We call the above grounds Fundamental Grounds in the rest of this section.


When we process certain types of data called “special categories of personal data”(which may include, for example, Characteristics Data, Disabilities Data, and Historical Data), we will process these special categories of personal data on one or more of the Fundamental Grounds together with one or more of the following lawful grounds:
•    Where we have obtained your explicit consent;
•    Where we need to assess your capacity to study.
•    Where we need to collect these types of information for statisitical purposes.
•    Where we need to in order to protect your health and well-being or the health and well-being of someone else – for example, other students – and you cannot give your consent, or we cannot be expected to obtain your consent, or where you have unreasonably withdrawn your consent.
•    Where we need to collect and use information about your race or ethnicity to identify or keeping under review the existence or absence of equality of opportunity or treatment between persons of different racial or ethnic origins, with a view to enabling such equality to be promoted or maintained, and, where we do so. we will put in place appropriate safeguards for your rights and freedoms.
When we process Criminal Data, we will process this data for one or more of the Fundamental Grounds and because we are authorised to do so under the laws of the United Kingdom or because we are doing it under the control of an official authority.


Please contact us if you need details about the specific legal ground we are relying on to process your personal data.


Collecting student information
Whilst the majority of student information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us or if you have a choice in this.


Storing student data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


For European Union (EU) funded projects, we are required to keep records until 31st December 2025.


We will not share your personal information with any other third party.

Why we share student information
We do not share information about our students with anyone without consent unless the law and our policies allow us to do so.
Requesting access to your personal data
Under data protection legislation, students and/or, if the student is under 18, parents, have the right to request access to student information that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Shaun Mallin (Deputy Chief Operating Officer and Director of MIS)


You also have the right to:
•    object to processing of personal data that is likely to cause, or is causing, damage or distress
•    prevent processing for the purpose of direct marketing
•    object to decisions being taken by automated means
•    in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
•    claim compensation for damages caused by a breach of the Data Protection regulations


If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.


Contact

If you would like to discuss anything in this privacy notice, or if you would like this notice in another format, for example, audio, large print or braille, please contact:
Shaun Mallin (Deputy Chief Operating Officer and Director of MIS)
email: DPO@gbmc.ac.uk

Greater Brighton Metropolitan College
27 April 2018